Akamai Research Finds 29% of Web Attacks Target APIs

March 20, 2024

3 Min Read

PRESS RELEASE

CAMBRIDGE, Mass., March 19, 2024/PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report.

Lurking in the Shadows: Attack Trends Shine Light on API Threats highlights the array of attacks that are targeting APIs and finds that 29% of overall web attacks targeted APIs from January through December 2023. Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%.

APIs are vital to most organizations because they improve both employee and customer experiences. Unfortunately, cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. The new SOTI notes that these attacks will continue to spike as the demand for API use increases, and urges organizations to properly account for and secure their APIs.

This latest research analyzes some of the most common problem areas with regard to both posture and runtime challenges. It offers several case studies that underscore the real-world implications of API security for organizations and features breakout reports with data for the Europe, Middle East, and Africa (EMEA) region and the Asia-Pacific and Japan (APJ) region.

Other key findings of the report include:

● Business logic abuse is a critical concern because it is challenging to detect abnormal API activity without establishing a baseline for API behavior. Organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping — a new data breach vector that uses authenticated APIs to slowly scrape data from within. 

● The range of attacks on APIs includes tried-and-true methods like Local File Inclusion (LFI), Structured Query Language injection (SQLi), and Cross-Site Scripting (XSS) to infiltrate their targets.  

● APIs are at the heart of most of today’s digital transformations so it is paramount to understand the industry trends and relevant use cases, such as loyalty fraud, abuse, authorization, and carding attacks.

● Organizations need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re-architect.

“APIs are increasingly critical to organizations but their security is often not designed into the capability, or the security team is not able to keep up with the rapid deployment of new technology,” said Steve Winterfeld, Advisory CISO of Akamai. “Lurking in the Shadows: Attack Trends Shine Light on API Threats provides insights and visibility to help organizations leverage the best practices to protect customers.”

This year marks the 10th anniversary of Akamai’s State of the Internet (SOTI) reports. The SOTI series provides expert insights on the cloud security and web performance landscapes, based on data gathered from Akamai Connected Cloud. 

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day.

Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai’s cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on X, formerly known as Twitter, and LinkedIn.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights